{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"DPA versions ant\u00e9rieures \u00e0 2021.3.7438","product":{"name":"N/A","vendor":{"name":"SolarWinds","scada":false}}},{"description":"Access Rights Manager versions ant\u00e9rieures \u00e0 2021.4","product":{"name":"Access Rights Manager","vendor":{"name":"SolarWinds","scada":false}}},{"description":"Kiwi Syslog Server versions ant\u00e9rieures \u00e0 9.8","product":{"name":"N/A","vendor":{"name":"SolarWinds","scada":false}}},{"description":"Network Performance Monitor versions ant\u00e9rieures \u00e0 2020.2.6 HF2","product":{"name":"N/A","vendor":{"name":"SolarWinds","scada":false}}},{"description":"Kiwi CatTools versions ant\u00e9rieures \u00e0 3.11.9","product":{"name":"N/A","vendor":{"name":"SolarWinds","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2021-35228","url":"https://www.cve.org/CVERecord?id=CVE-2021-35228"},{"name":"CVE-2021-35230","url":"https://www.cve.org/CVERecord?id=CVE-2021-35230"},{"name":"CVE-2021-35235","url":"https://www.cve.org/CVERecord?id=CVE-2021-35235"},{"name":"CVE-2021-35231","url":"https://www.cve.org/CVERecord?id=CVE-2021-35231"},{"name":"CVE-2021-35233","url":"https://www.cve.org/CVERecord?id=CVE-2021-35233"},{"name":"CVE-2021-35236","url":"https://www.cve.org/CVERecord?id=CVE-2021-35236"},{"name":"CVE-2021-35227","url":"https://www.cve.org/CVERecord?id=CVE-2021-35227"},{"name":"CVE-2021-35225","url":"https://www.cve.org/CVERecord?id=CVE-2021-35225"},{"name":"CVE-2021-35237","url":"https://www.cve.org/CVERecord?id=CVE-2021-35237"}],"links":[],"reference":"CERTFR-2021-AVI-811","revisions":[{"description":"Version initiale","revision_date":"2021-10-21T00:00:00.000000"}],"risks":[{"description":"Injection de code indirecte \u00e0 distance (XSS)"},{"description":"Ex\u00e9cution de code arbitraire"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"},{"description":"\u00c9l\u00e9vation de privil\u00e8ges"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSolarWinds. Certaines d'entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits SolarWinds","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 SolarWinds CVE-2021-35235 du 19 octobre 2021","url":"https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35235"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 SolarWinds CVE-2021-35225 du 19 octobre 2021","url":"https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35225"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 SolarWinds CVE-2021-35233 du 19 octobre 2021","url":"https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35233"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 SolarWinds CVE-2021-35231 du 19 octobre 2021","url":"https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35231"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 SolarWinds CVE-2021-35228 du 19 octobre 2021","url":"https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35228"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 SolarWinds CVE-2021-35236 du 19 octobre 2021","url":"https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35236"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 SolarWinds CVE-2021-35230 du 19 octobre 2021","url":"https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35230"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 SolarWinds CVE-2021-35237 du 19 octobre 2021","url":"https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35237"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 SolarWinds CVE-2021-35227 du 19 octobre 2021","url":"https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35227"}]}